Dear developers,
I've just now been alerted to some activity on our webserver py1. Email bounces from users started arriving to me (the webmaster) and I quickly tried to gather information about what kind of event we had. One of the bounces contained headers showing the emails were coming from our server.
I have thus shut down postfix on py1 as a precaution; the website will be unable to send email for the time being.
I've been digging through the logs to find out what kind of issue we have:
* A service ticket has been created for OSUOSL to investigate
* None of the email addresses appear in our user accounts list, so our database is unlikely to have been compromised.
* There's been an sshd attack against the server today from 3:12am to 18:23pm but no actual signs of a break-in.
* Emails appear at 18:53, unknown quantity (more than 40), logs do not report quantity at this time. So it might be something pretending to be py1 to osuosl's smtp server.
I'll reply here when I know more, although I probably won't hear back from osuosl until tomorrow.
Best regards,
Martin Owens